3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

CHAPTER 3: NETWORK SECURITY CONFIGURATION
The following chapters describe how to configure AAA and RADIUS, user passwords, the firewall and packet filtering. Refer to the VPN part of this manual for IPsec/IKE configuration, and to "NAT Configuration" for address translation configuration.
Hierarchical Command Line Protection

The system command lines are protected in a hierarchical way: the command lines are divided into four levels, visit, monitor, system, and manage. You cannot use the commands of a given level unless you have provided the correct login password for that level.
RADIUS-Based AAA

AAA is used for user access management. It can be implemented via multiple protocols, but the AAA discussed here is RADIUS-based.

AAA provides the following functions:

- Hierarchical user management. Users are allowed to perform operations such as managing and maintaining the system configuration data and monitoring and maintaining the equipment, all of which are crucial to the normal operation of the system. It is therefore necessary to manage users strictly by classifying them into different levels and granting each level a specific right: a low-level user is allowed to perform only some viewing operations, while only a high-level user can modify data, maintain the equipment, and perform other sensitive operations.
- PPP authentication. User name authentication is performed before a PPP connection is allowed to be set up.
- PPP address management and allocation. When setting up a PPP connection, the system may assign a pre-specified IP address to the PPP user.
The next chapter covers the details of the RADIUS protocol and its configuration, user password configuration, and PPP user address configuration. For PPP authentication protocols, refer to the User Access module of this manual.
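As an added example of the RADIUS-based authentication the section describes (this is illustrative code written for this page, not 3Com's implementation and not the switch's own command syntax), the following builds the RFC 2865 Access-Request a switch would send for a login, hides the User-Password with the shared secret and Request Authenticator, answers it as a server would, and has the client check the Response Authenticator so that a reply made with the wrong shared secret is rejected rather than trusted. The user name, password, shared secrets and NAS address are constructed values.

```python
"""RADIUS (RFC 2865) Access-Request / Access-Accept exchange, both sides in one
process. Constructed example for illustration; not 3Com's implementation."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4   # attribute types


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each block with an MD5 keystream
    chained on (secret + previous ciphertext block), seeded with the Request
    Authenticator. An empty password still produces one 16-byte block."""
    padded = password.ljust(((len(password) + 15) // 16 or 1) * 16, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], keystream))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side of hide_password; trailing padding is stripped."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(chunk, keystream))
        prev = chunk
    return out.rstrip(b"\x00")


def encode(code, ident, authenticator, attrs):
    """Code(1) Identifier(1) Length(2) Authenticator(16) then Type/Length/Value attributes."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def decode(pkt):
    """Parse a packet, rejecting length fields that disagree with the bytes received."""
    if len(pkt) < 20:
        raise ValueError("packet too short")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("length field does not match packet size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((pkt[pos], pkt[pos + 2:pos + pkt[pos + 1]]))
        pos += pkt[pos + 1]
    return code, ident, pkt[4:20], attrs


def build_access_request(ident, username, password, secret):
    """What the switch (the NAS) sends; NAS-IP-Address 192.0.2.1 is a constructed value."""
    request_auth = os.urandom(16)
    attrs = [(USER_NAME, username),
             (USER_PASSWORD, hide_password(password, secret, request_auth)),
             (NAS_IP_ADDRESS, bytes([192, 0, 2, 1]))]
    return encode(ACCESS_REQUEST, ident, request_auth, attrs), request_auth


USERS = {b"admin": b"s3cret-pw"}   # constructed server-side user database


def serve(pkt, secret, users=USERS):
    """Server: recover the password, decide, and sign the reply with
    Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    code, ident, request_auth, attrs = decode(pkt)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    a = dict(attrs)
    stored = users.get(a.get(USER_NAME), b"")
    revealed = reveal_password(a.get(USER_PASSWORD, b""), secret, request_auth)
    ok = a.get(USER_NAME) in users and hmac.compare_digest(revealed, stored)
    resp_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    resp_auth = hashlib.md5(encode(resp_code, ident, request_auth, []) + secret).digest()
    return encode(resp_code, ident, resp_auth, [])


def verify_response(resp, request_auth, secret):
    """Client: only trust a reply whose Response Authenticator checks out."""
    code, ident, resp_auth, attrs = decode(resp)
    expected = hashlib.md5(encode(code, ident, request_auth, attrs) + secret).digest()
    if not hmac.compare_digest(expected, resp_auth):
        raise ValueError("Response Authenticator mismatch: wrong shared secret or forged reply")
    return code == ACCESS_ACCEPT


def login(username, password, switch_secret, server_secret=b"RadiusSharedSecret"):
    """Full exchange; True on Access-Accept, False on Access-Reject,
    ValueError if the two sides' shared secrets differ."""
    req, request_auth = build_access_request(7, username, password, switch_secret)
    return verify_response(serve(req, server_secret), request_auth, switch_secret)
```

Two points the code makes that the prose does not: the password is only obfuscated with MD5 and the shared secret, so the strength of the exchange rests entirely on that secret and on keeping the RADIUS path off untrusted networks; and a NAS that skips the Response Authenticator check would accept any Access-Accept an attacker on that path cared to send.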
Packet Filter and Firewall

Firewall Concept

A firewall can prevent unauthorized or unauthenticated users on the Internet from accessing a protected network, while still allowing users on the internal network to access web sites on the Internet and to send and receive e-mail. It can also work as an Internet access-right control gateway by permitting only particular users inside the organization to access the Internet.
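As an added example of the two firewall roles just described (illustrative code written for this page, not 3Com's ACL engine or command syntax), the following evaluates constructed packets against an ordered, first-match rule list with an implicit final deny. The first policy lets the internal network out for web and mail and lets the outside reach only the mail server or reply to inside-initiated TCP flows; the second permits Internet access for a single internal host and denies the rest. The addresses, networks and packets are constructed values; the TCP ACK flag stands in for "established" because a stateless filter has nothing else to go on.

```python
"""Stateless packet filter with ordered, first-match rules.
Constructed example for illustration; not 3Com's implementation."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str           # "tcp", "udp" or "icmp"
    dport: int = 0
    ack: bool = False    # TCP ACK bit set: reply traffic of an existing flow


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None    # None matches any protocol
    dport: Optional[int] = None    # None matches any destination port
    established: bool = False      # match only TCP segments with ACK set

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (not self.established or (p.proto == "tcp" and p.ack)))


def filter_packet(rules, p):
    """First matching rule wins; anything unmatched hits the implicit final deny.
    Returns (action, index of the rule that decided, or None for the implicit deny)."""
    for i, r in enumerate(rules):
        if r.matches(p):
            return r.action, i
    return "deny", None


INSIDE = "192.0.2.0/24"     # constructed protected network
MAIL = "192.0.2.25/32"      # constructed internal mail server

# Role 1: inside users may browse and use mail; the outside may reach only the
# mail server, or send replies to TCP flows the inside opened.
INTERNET_POLICY = [
    Rule("permit", src=INSIDE, proto="tcp", dport=80),
    Rule("permit", src=INSIDE, proto="tcp", dport=443),
    Rule("permit", src=INSIDE, proto="tcp", dport=25),
    Rule("permit", dst=MAIL, proto="tcp", dport=25),
    Rule("permit", dst=INSIDE, proto="tcp", established=True),
]

# Role 2: access-right control. Only one workstation gets the Internet; the
# deny covering the rest of the subnet must come AFTER the specific permit,
# because the first match decides.
RESTRICTED_POLICY = [
    Rule("permit", src="192.0.2.10/32", proto="tcp", dport=443),
    Rule("deny", src=INSIDE),
    Rule("permit", dst=INSIDE, proto="tcp", established=True),
]
```

The order check is the one practitioners get wrong most often: swap the first two rules of RESTRICTED_POLICY and the privileged host is denied along with everyone else, with no error from the filter. The ACK-based "established" rule is also the weak point of a stateless design, since any outside host can set the ACK bit on a probe; a stateful firewall replaces it with a connection table.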